If you have a .NET application that is over 5 years old (as I do) then perhaps you should take a minute and take a look at the version of .NET that you are running it under.
And that is because on April 26, 2022, .NET Framework 4.5.2, 4.6. and 4.6.1 versions will officially reach End of Support. Meaning that you will need to upgrade to a newer version, if you'd like to continue to receive security fixes and technical support from Microsoft.
To check your current version of .NET on your application you can right click on your project name in Visual Studio and select the 'Property Pages' option (Visual Studio 2019).
Under the 'Build' menu item on the following page, you should see the current version that you are targeting under the Target Framework dropdown.
What does End of Support mean?
In the software and hardware world, End of Support refers to the specific time period when a company no longer plans on officially releasing updates to one of their products. Those updates could include everything from security patches to technical support. And the product can include both an entire application or a particular version of an application, as is the case here.
This is a common practice and is typically announced a year or more in advance so that software engineers and developers can update their applications accordingly without any issue.
This is also typically common as new versions of the software in question are released. In the case of the .NET Framework, developers can upgrade their runtimes to use .NET Framework 4.6.2, 4.7.1, .4.7.2 or the latest as of this writing 4.8. Those versions are still scheduled for support for many more years to come.
Why is it reaching End of Support?
Typically, as mentioned above, a specific version of a software will reach the end of its support life cycle after a number of years due to newer versions being released. Even if it's inconvenient to developers and engineers, companies want you to upgrade to the latest and greatest.
This can also frequently occur when software becomes so outdated and error prone that a company deems it is no longer worth supporting. You can think of Adobe Flash as an example.
As one might guess, having a support team working on any version of a software cost money. The company has to maintain a team of people that are familiar with v1.1 for example. And once v.3.1 is released, there still needs to be someone with knowledge of the original 1.1.
In this particular case though, a major push to end support for the aforementioned .NET Framework versions is a bit different.
Outdated SHA-1 Signature
.NET Framework 4.5.2, 4.6. and 4.6.1 were originally signed using the SHA-1 encryption algorithm. While secure for its time, there has since been many updates to both crack it and to improve upon it.
With the advent of SHA-256 (a much stronger encryption algorithm) which you can read about here, the older SHA-1 hashing algorithm is no longer recommended or deemed secure.
Microsoft has since adopted stronger encryption starting with .NET Framework 4.6.2 and above. And this is the primary reason for pushing these 3 versions to End of Support.
I for one applaud Microsoft for nudging developers towards newer and more secure frameworks. Realistically, many legacy applications that are functional and that generate income for their site owners do not frequently get updated. The adage of "if it isn't broke, don't fix it" is very strong in the software development world.
In this case, it's not quite "broke" per say. But it is in need of an update.
What happens after April 2022?
If you avoid updating your Target Framework and the calendar hits the due date, then your applications will still run and compile as usual. They won't however receive any future security updates, making it even less secure the longer time passes.
If you reach out for technical support and you still have the outdated frameworks, you will also be asked to update your framework before you can receive technical help as well.
Updating
For most applications, updating the target framework from the old versions to the later 4.6.2 - 4.8 should not cause any issues or conflicts.
I myself have made the update on this blog, seeing as how it is now going 7 years strong. With thousands of lines of code and countless integrations, I did not encounter any breaking issues in the process. However, there were some warnings about incompatible Nuget packages that I needed to address. There were also inconsistencies with other imported packages relying on older frameworks as well.
But as I mentioned above, nobody really wants to make huge updates to their codebases. It's not an error-free one-click update sort of thing. It involves some level of planning and testing, particularly if you have a substantial project on your hands.
Walter Guevara is a software engineer, startup founder and currently teaches programming for a coding bootcamp. He is currently building things that don't yet exist.
Stay up to date
Sign up for my FREE newsletter. Get informed of the latest happenings in the programming world.